[pve-devel] r4853 - pve-access-control/trunk

Wed Jun 30 07:37:52 CEST 2010

Author: dietmar
Date: 2010-06-30 05:37:46 +0000 (Wed, 30 Jun 2010)
New Revision: 4853

Modified:
   pve-access-control/trunk/AccessControl.pm
   pve-access-control/trunk/ChangeLog
   pve-access-control/trunk/pveum
Log:
	* pveum: new roleadd/rolemod/roledel (Seth)

	* AccessControl.pm (modify_role): create role and modify privileges (Seth)

	* AccessControl.pm (delete_role): delete role functionality (Seth)



Modified: pve-access-control/trunk/AccessControl.pm
===================================================================

--- pve-access-control/trunk/AccessControl.pm	2010-06-29 06:49:41 UTC (rev 4852)
+++ pve-access-control/trunk/AccessControl.pm	2010-06-30 05:37:46 UTC (rev 4853)
@@ -655,6 +655,47 @@
     ident => 1, 
 };
 
+sub modify_role {
+
+    my ($role, $opts) = @_;
+    my $usercfg = load_user_config();
+
+    die "modify role '$role' failed - invalid characters in role name\n" if (!verify_rolename ($role));
+
+    if ($opts->{create}) {
+	die "add role '$role' failed - role already exists\n" if $usercfg->{roles}->{$role};	
+	$usercfg->{roles}->{$role} = {};
+    }
+
+    die "modify role '$role' failed - role does not exist\n" if !$usercfg->{roles}->{$role};
+
+    $usercfg->{roles}->{$role} = {} if !$opts->{append};
+    if ($opts->{privs}) {
+	foreach my $priv (split_list ($opts->{privs})) {
+	    if ($usercfg->{roles}->{$role} && defined ($valid_privs->{$priv})) {
+		$usercfg->{roles}->{$role}->{$priv} = 1;
+	    } else {
+		warn "modify role - ignore invalid priviledge '$priv'\n";
+	    } 
+	}	
+    }
+
+    save_user_config ($usercfg);
+}
+
+sub delete_role {
+    
+    my ($role) = @_;
+
+    my $usercfg = load_user_config();
+
+    delete ($usercfg->{roles}->{$role})
+        if $usercfg->{roles}->{$role};
+
+    save_user_config ($usercfg);
+
+}
+
 sub split_list {
     my $listtxt = shift || '';
 
@@ -810,6 +851,9 @@
 		    next;
 		}
 
+		# make sure to add the role (even if there are no privileges)
+		$cfg->{roles}->{$role} = {} if !$cfg->{roles}->{$role};
+
 		foreach my $priv (split_list ($privlist)) {
 		    if (defined ($valid_privs->{$priv})) {
 			$cfg->{roles}->{$role}->{$priv} = 1;

Modified: pve-access-control/trunk/ChangeLog
===================================================================
--- pve-access-control/trunk/ChangeLog	2010-06-29 06:49:41 UTC (rev 4852)
+++ pve-access-control/trunk/ChangeLog	2010-06-30 05:37:46 UTC (rev 4853)
@@ -1,3 +1,11 @@
+2010-06-29  Proxmox Support Team  <support at proxmox.com>
+
+	* pveum: new roleadd/rolemod/roledel (Seth)
+
+	* AccessControl.pm (modify_role): create role and modify privileges (Seth)
+
+	* AccessControl.pm (delete_role): delete role functionality (Seth)
+
 2010-06-28  Proxmox Support Team  <support at proxmox.com>
 
 	* pveum: new groupadd/groupdel (patch from Seth)

Modified: pve-access-control/trunk/pveum
===================================================================
--- pve-access-control/trunk/pveum	2010-06-29 06:49:41 UTC (rev 4852)
+++ pve-access-control/trunk/pveum	2010-06-30 05:37:46 UTC (rev 4853)
@@ -128,6 +128,50 @@
 
     exit(0);
 
+} elsif ($cmd eq 'roleadd') {
+
+    my $opts = {};
+
+    if (!GetOptions ($opts, 'privs=s')) {
+        exit (-1);
+    }
+
+    my $role = shift;
+
+    die "no role specified\n" if !$role;
+
+    $opts->{create} = 1;
+ 
+    PVE::AccessControl::modify_role($role, $opts);
+
+    exit(0);
+
+} elsif ($cmd eq 'rolemod') {
+
+    my $opts = {};
+
+    if (!GetOptions ($opts, 'append', 'privs=s')) {
+        exit (-1);
+    }
+
+    my $role = shift;
+
+    die "no role specified\n" if !$role;
+
+    PVE::AccessControl::modify_role($role, $opts);
+
+    exit(0);
+
+} elsif ($cmd eq 'roledel') {
+
+    my $role = shift;
+
+    die "no role specified\n" if !$role;
+
+    PVE::AccessControl::delete_role($role);
+
+    exit(0);
+
 } else {
 
     print_usage("unknown command '$cmd'");


